New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Disable HTTP/3 #19
Comments
I think Instagram may have enabled HTTP/3 recently, which is UDP and bypasses usual proxy configurations. There's an issue for mitmproxy at mitmproxy/mitmproxy#4170, and I'd guess the Android emulator's proxy configuration also doesn't affect HTTP/3 at all. As a quick workaround, I blocked all UDP traffic on my machine except port 53 (DNS) using iptables:
(if you have IPv6, repeat those with After that all requests are visible in mitmproxy @Eltion perhaps it would be possible to patch the app to not use HTTP/3? |
@tulir Your right about this. It seems like after login and reopening the app instagram is using HTTP/3. Thanks for reporting it. I've been trying to force HTTP2, had some success with it but the script is not as robust as it was before so I need to work a bit more into it. I just created a new branch for it here: disable-http3. Like this it will work for the current version (260.0.0.23.115) but it will break for each release, so I need to find a better way to do it. |
Seems like there is a configuration file located at Seems like deleting the file disables HTTP/3 so I'll do that until I figure out a better solution. |
I am still getting the same issue as #27 (HTTPS capturing works on first app run, not on subsequent runs) but no mobileconfig directory even exists in the specified location. Any idea what is going on here? I'm running instagram-v265.0.0.19.301-x86.apk. Thanks! |
@ChrisVinall can you test using the latest version |
Ah, my bad, that works. Not sure how I was running such an old version, I thought I was up to date. The nuking of the whole config is causing another issue for me related to app behaviour, but I'll try to figure it out. |
this problem still persists. |
when to share ssl pinning bypass for 284 version ? |
Describe the bug
When I first used this guide to bypass android SSL pinning I was able to see all the requests that the Instagram client was making such as Photos, API requests or simply profile informations fetching.
Right now, after some time, I came back on Instagram SSL pinning bypass and all I can see are requests you can see in the image below.
Method
I'm using Frida for bypassing the SSL pinning.
App info
Device info
Proxy tool
mitmproxy: v8.1.1
Logs
I'm using Frida tool for logging.
Thanks so much in advance !!!
The text was updated successfully, but these errors were encountered: